177 matches found
CVE-2026-9697
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...
CVE-2026-26327
Summary (CVE-2026-26327 OpenClaw) OpenClaw uses discovery beacons that publish TXT records (lanHost, tailnetDns, gatewayPort, gatewayTlsSha256). TXT values are unauthenticated and, prior to 2026.2.14, could be treated as authoritative routing/pinning hints by some clients (iOS/macOS used host hin...
CVE-2026-26327 OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs...
CVE-2025-13034 No QUIC certificate pinning with GnuTLS
When using the CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...
CVE-2025-13034
CVE-2025-13034 affects curl/libcurl and the curl tool. A flaw in the CURLOPT_PINNEDPUBLICKEY/--pinnedpubkey public-key pinning check could allow a connection to proceed without proper server identity verification when QUIC with ngtcp2 is built to use GnuTLS and the user disables standard certific...
CVE-2025-13034
When using the CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...
[slackware-security] curl
New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.17.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: OpenSSL partial chain store policy bypass. bearer token le...
curl: Certificate Pinning Bypass with wolfSSL backend over HTTP/3
Summary: A security feature bypass exists in libcurl when built with the wolfSSL backend and HTTP/3 support. The Certificate Pinning feature (--pinnedpubkey) is silently ignored if the user also disables peer verification (-k or --insecure). This behavior is inconsistent with other backends like...
EUVD-2017-2767
Malware in sbrugna...
EUVD-2021-19526
Malware in sbrugna...
EUVD-2017-18877
Malware in sbrugna...
EUVD-2016-9885
Malware in sbrugna...
EUVD-2018-10679
Malware in sbrugna...
EUVD-2017-11784
Malware in sbrugna...
EUVD-2025-19095
Malicious code in bioql PyPI...
EUVD-2022-2383
Malicious code in bioql PyPI...
EUVD-2023-41836
Malicious code in bioql PyPI...
EUVD-2025-16332
Malicious code in bioql PyPI...
EUVD-2025-19096
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-20200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean valu...